PT-2025-24542 · Unknown · React-Native-Keys
Ch3Tanbug
+1
·
Published
2025-06-09
·
Updated
2025-06-23
·
CVE-2025-45001
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
react-native-keys version 0.7.11
Description
The issue concerns sensitive information disclosure, where encryption cipher and Base64 chunks are stored as plaintext in the compiled native binary. Attackers can extract these secrets using basic static analysis tools.
Recommendations
For react-native-keys version 0.7.11, consider removing or securely storing sensitive information to prevent disclosure. As a temporary workaround, restrict access to the compiled native binary to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Cleartext Storage of Sensitive Information
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
React-Native-Keys